Chapter
3-1
Fraud, Ethics, and Internal Control
Accounting Information Systems, 1st Edition
Study Objectives
1. An introduction to the need for a code of ethics and good internal controls
2. The accounting related fraud that can occur when ethics codes and internal controls are weak or not correctly applied
3. The nature of management fraud
4. The nature of employee fraud
5. The nature of customer fraud
6. The nature of vendor fraud
7. The nature of computer fraud
8. The policies that assist in the avoidance of fraud and errors
9. The maintenance of a code of ethics
10. The maintenance of accounting internal controls
11. The maintenance of information technology controls
Need for a Code of Ethics and Internal Controls
During 2001 and 2002, several companies were named in
regards to fraudulent financial reporting.
WorldCom
(Audit firm)
SO 1 An introduction to the need for a code
of ethics and good internal controls
Need for a Code of Ethics and Internal Controls
When management is unethical, fraud is likely to occur.
Management obligations:
• Stewardship.
• Provide accurate reports.
• Maintain internal controls.
• Enforce a code of ethics.
Need for a Code of Ethics and Internal Controls
Quick Review
The careful and responsible oversight and use of the
assets entrusted to management is called
a. control environment.
b. stewardship.
c. preventive control.
d. security.
Accounting Related Fraud
Fraud - theft, concealment, and conversion to personal
gain of another’s money, physical assets, or information.
Misappropriation of Assets - defalcation or internal
theft.
Misstatement of Financial Records - earnings
management or fraudulent financial reporting.
SO 2 The accounting related fraud that can occur when ethics codes
and internal controls are weak or not correctly applied
Accounting Related Fraud
For fraud to occur, three conditions must exist.
Exhibit 3-1
The Fraud Triangle
Accounting Related Fraud
Exhibit 3-2
Categories of Accounting-Related Fraud
Accounting Related Fraud
Quick Review
Which of the following is not a condition in the fraud
triangle?
a. rationalization.
b. incentive.
c. conversion.
d. opportunity.
The Nature of Management Fraud
Management Fraud is usually in the form of fraudulent
financial reporting.
Managers misstate financial statements in order to:
1. Increase the stock price.
2. Improve financial statements.
3. Enhance chances of promotion, or avoid firing or demotion.
4. Increase incentive-based compensation.
5. Delay cash flow problems or bankruptcy.
SO 3 The nature of management fraud
The Nature of Management Fraud
Management Fraud may involve:
• Overstating revenues and assets.
• Understating expenses and liabilities.
• Misapplying accounting principles.
Two Examples:
Enron’s top management had been
hiding debt and losses by using
special purpose entities (SPEs).
Managers at Xerox approved and encouraged accounting
practices that violated GAAP and accelerated revenue
recognition.
The Nature of Management Fraud
Quick Review
There are many possible indirect benefits to
management when management fraud occurs. Which
of the following is not an indirect benefit of
management fraud?
a. delayed exercise of stock options.
b. delayed cash flow problems.
c. enhanced promotion opportunities.
d. increased incentive-based compensation.
The Nature of Employee Fraud
Employee Fraud usually means that an employee steals
cash or assets for personal gain.
Kinds of Employee Fraud:
1. Inventory theft.
2. Cash receipts theft.
3. Accounts payable fraud.
4. Payroll fraud.
5. Expense account fraud.
Key terms: Kickback, Collusion, Larceny, Skimming
SO 4 The nature of employee fraud
The Nature of Management Fraud
Quick Review
Which of the following is not an example of employee
fraud?
a. skimming.
b. larceny.
c. kickbacks.
d. earnings management.
The Nature of Management Fraud
Quick Review
The most difficult type of misstatement to discover
is fraud that is concealed by
a. over-recording the transactions.
b. nonrecorded transactions.
c. recording the transactions in subsidiary records.
d. related parties.
The Nature of Customer Fraud
Customer Fraud occurs when a customer improperly
obtains cash or property from a company, or avoids a
liability through deception.
Kinds of Customer Fraud:
1. Credit card fraud.
2. Check fraud.
3. Refund fraud.
SO 5 The nature of customer fraud
The Nature of Vendor Fraud
Vendor Fraud occurs when vendors obtain payments to
which they are not entitled.
Vendors may:
1. Submit duplicate or incorrect invoices.
2. Send shipments in which the quantities are short.
3. Send lower-quality goods than ordered.
SO 6 The nature of vendor fraud
The Nature of Vendor Fraud
Quick Review
The review of amounts charged to the company from
a seller that it purchased from is called a
a. vendor audit.
b. seller review.
c. collusion.
d. customer review.
The Nature of Computer Fraud
Computer Fraud may include:
1. Industrial espionage.
2. Software piracy.
SO 7 The nature of computer fraud
The Nature of Computer Fraud
Internal Sources of Computer Fraud
1. Input manipulation
2. Program manipulation
a. Salami technique
b. Trojan horse programs
c. Trap door alterations
3. Output manipulation
The Nature of Computer Fraud
External Sources of Computer Fraud
In most cases, external computer fraud is conducted by someone outside the
company who has gained unauthorized access to the computer.
Two Common Types:
1. Hacking.
   • Denial of Service attack (DoS)
2. Spoofing.
The Nature of Vendor Fraud
Quick Review
Which of the following is generally an external
computer fraud, rather than an internal computer
fraud?
a. spoofing
b. input manipulation
c. program manipulation
d. output manipulation
Policies to Assist in the Avoidance of
Fraud and Errors
Actions to assist in prevention or detection of
fraud and errors:
1. Maintain and enforce a code of ethics.
2. Maintain a system of accounting internal
controls.
3. Maintain a system of information technology
controls.
SO 8 The policies that assist in the avoidance of fraud and errors
Maintain a Code of Ethics
Sarbanes–Oxley Act of 2002
Requirement - public companies adopt and
disclose a code of ethics.
Concepts usually found in a code of ethics:
• Obeying applicable laws and regulations.
• Conduct that is honest, fair, and trustworthy.
• Avoiding all conflicts of interest.
• Creating and maintaining a safe work environment.
• Protecting the environment.
SO 9 The maintenance of a code of ethics
System of Accounting Internal Controls
Objectives of an internal control system are:
1. Safeguard assets (from fraud or errors).
2. Maintain accuracy and integrity of accounting
data.
3. Promote operational efficiency.
4. Ensure compliance with management directives.
SO 10 The maintenance of accounting internal controls
System of Accounting Internal Controls
Three types of controls:
• Preventive controls
• Detective controls
• Corrective controls
COSO Report - five components of internal control:
• Control environment.
• Risk assessment.
• Control activities.
• Information and communication.
• Monitoring.
System of Accounting Internal Controls
Control Environment
Exhibit 3-5
Factors of the Control Environment

Factor: Integrity and ethics
Example of a less risky control environment: The company has a code of ethics, and it is rigidly enforced.
Example of a more risky control environment: The company does not have a code of ethics, or if they have one, it is not enforced.

Factor: Philosophy and operating style
Example of a less risky control environment: Management is very conservative in its approach to things such as mergers.
Example of a more risky control environment: Management is very aggressive and risk taking in its approach to things such as mergers.
System of Accounting Internal Controls
Factor: Assignment of authority and responsibility
Example of a less risky control environment: Lines of authority are well established, and managers’ jobs and duties are clear to them.
Example of a more risky control environment: Managers have overlapping duties, and oftentimes managers are not quite sure whether or not they have certain responsibilities and authority.

Factor: Organization and development of people
Example of a less risky control environment: Management carefully trains and cultivates employees to be able to take on more responsibility.
Example of a more risky control environment: Management does not spend any money or time on the training of employees.

Factor: Attention and direction by the board of directors
Example of a less risky control environment: Members of the board examine reports and hold top management accountable for the accuracy of the reports.
Example of a more risky control environment: Members of the board do not prepare for the meetings they attend and are merely “big-name” figureheads.
System of Accounting Internal Controls
Risk Assessment
Management must develop a way to:
1. Identify the sources of risks.
2. Determine impact of risks.
3. Estimate chances of risks occurring.
4. Develop an action plan to reduce the impact and
probability of risks.
5. Execute the action plan and continue the cycle,
beginning again with the first step.
System of Accounting Internal Controls
Control Activities
Categories:
1. Authorization of transactions
2. Segregation of duties
3. Adequate records and documents
4. Security of assets and documents
5. Independent checks and reconciliation
System of Accounting Internal Controls
Control Activities
Categories:
1. Authorization of Transactions
• General authorization
• Specific authorization
System of Accounting Internal Controls
Control Activities
Categories:
2. Segregation of Duties
Exhibit 3-6
Segregation of Duties
System of Accounting Internal Controls
Control Activities
Categories:
3. Adequate Records and Documents
• Supporting documentation for all significant transactions
• Schedules and analyses of financial information
• Accounting cycle reports
Audit Trail
System of Accounting Internal Controls
Control Activities
Categories:
4. Security of Assets and Documents
• Protecting physical assets
• Protecting information
Cost-benefit comparison
System of Accounting Internal Controls
Control Activities
Categories:
5. Independent Checks and Reconciliation
Procedures:
• Reconciliation
• Comparison of physical assets with records
• Recalculation of amounts
• Analysis of reports
• Review of batch totals
System of Accounting Internal Controls
Quick Review
Which control activity is intended to serve as a
method to confirm the accuracy or completeness of
data in the accounting system?
a. authorization
b. segregation of duties
c. security of assets
d. independent checks and reconciliations
System of Accounting Internal Controls
Quick Review
Proper segregation of functional responsibilities calls
for separation of the functions of
a. authorization, execution, and payment.
b. authorization, recording, and custody.
c. custody, execution, and reporting.
d. authorization, payment, and recording.
System of Accounting Internal Controls
Information and Communication
An effective accounting system must:
1. Identify all relevant financial events (transactions).
2. Capture the important data of these transactions.
3. Record and process the data through appropriate
classification, summarization, and aggregation.
4. Report this summarized and aggregated
information to managers.
System of Accounting Internal Controls
Information and Communication
Monitoring
Any system of control must be constantly
monitored to assure that it continues to be
effective.
System of Accounting Internal Controls
Reasonable Assurance of Internal Controls
Controls achieve a sensible balance of reducing risk
when compared with the cost of the control.
Not possible to provide absolute assurance, because:
• Flawed judgments are applied in decision making.
• Human error exists in every organization.
• Controls can be circumvented or ignored.
• Controls may not be cost beneficial.
System of Information Technology Controls
For any business process, there should be both
accounting internal controls as in COSO, and
IT controls as in the Trust Principles.
Risk and controls in IT are divided into five categories:
• Security
• Online privacy
• Availability
• Confidentiality
• Processing integrity
SO 11 The maintenance of information technology controls
System of Information Technology Controls
Quick Review
AICPA Trust Principles identify five categories of
risks and controls. Which category is best described
by the statement, “Information process could be
inaccurate, incomplete, or not properly authorized”?
a. security
b. availability
c. processing integrity
d. confidentiality
Copyright
Copyright © 2008 John Wiley & Sons, Inc. All rights reserved.
Reproduction or translation of this work beyond that permitted
in Section 117 of the 1976 United States Copyright Act without
the express written permission of the copyright owner is
unlawful. Request for further information should be addressed
to the Permissions Department, John Wiley & Sons, Inc. The
purchaser may make back-up copies for his/her own use only
and not for distribution or resale. The Publisher assumes no
responsibility for errors, omissions, or damages, caused by the
use of these programs or from the use of the information
contained herein.